View Full Version : Vundo (et al)...are they gone?



TClemens
2008-06-02, 09:27
I had Vundo and God knows what else and attempted to remove myself before discovering your forum.
I do not know if I have been successful, could someone kindly review my logs to see if I should do anything else?
Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, 02 June, 2008 03:09:57
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/06/2008
Kaspersky Anti-Virus database records: 820756
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 59361
Number of viruses found: 1
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 10:04:36

Infected Object Name / Virus Name / Last Action
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1AE45B1C.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1B870E69.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1BE32604 Infected: Backdoor.Win32.Rbot.gen skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\33E44F99.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\WINDOWS\system32\appcom\B26F0D6F3CF68D30DD43C8A887449B45CE7D544C.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\B360C774D60BE2C586FA8403C0A92C8438D2EDB5.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\B50882C94508C061A2B29D886F9DAB49403BB152.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\B513976FA99721CFF30081447CD5BFAF39931A0C.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\B52FD7E73186C5A208AF73E63644936B22AFBA6C.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\B64E308B6945C6EF35341EBCE604BCE2FBA9261E.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\B720356DB82F7E23D4DDF39C337F65CE4E3C966A.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\B7811D638A3C15A7494366A248925123C736C9AB.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\B8572E957FA3626CAC510A7360F95FE9F0D01EC6.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\B8E8DA36FB89CD75D6B4618FC9CEC281E4D1112B.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\B9B684AA875F1112C3F4F1C84378B80EC4DFDAB1.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\B9B76A43AD660B6F421072C7AA84DECC8241A499.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\BAB338260FAFFCC411C60827A936C73971F54563.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\BAEAD608F5043152E62C73B637911F18BDC05E87.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\BB4C4C3F32B0F8C820A17826743108338FF6AEF0.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\BB684DB1E854637A11511801E8929DB75C72F066.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\BB80FAED0E6BB93B3B52E5374FD40EAB497999F5.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\BC6C18F2023E5661CF10D8EA5F1A6879C657BEEE.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\BD3D6FEBA4338C54066D2B007677BB4483AD1096.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\BDADE71C1293513428FE64D4DC21EE3AB882A056.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\BF897B8F05936BCCBC7B182582907434312A78C3.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\BFEC55AB429B33A590D113511E80CFDBB9DD8164.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\C01DF03EF685E7CE92D49083C38E2C2F07AFA16C.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\C173453E94DAB479B5AB295BE0C0B98FF906AFF2.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\C1AEEFBEB19C6D076513D86467259B3A688212A5.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\C38647CC321C9BF69197B2B5832DD18C877AF141.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\C3FA76C0099972624179F536757993C7A17668F8.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\C4046CCADA082401969F1DC187D8407A5D33F6DB.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\C49477E77150A4036138C5D9874130F6B3F1B7D9.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\C6528D7C36AB566C8276071EBB58922EC6984C90.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\C6E37FD38BAA5DB2D1BE6DF1197EA8264AAF6126.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\C7DED0D24C7BFEABC436C638A2D80C8B8716F019.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\C986BF9D68FF728E9A7E84D02DA9CC66ED838C2D.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\CB311321034B35D0F410937F5AF79D918476C980.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\CB5730A7A51821E29A3B59C64AFC3D50A1E7AECB.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\CB5A678C8C257DDD7562CE5D93EA5B022E767E2F.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\CC1B7BB8DDCA67914DA7A9A97BC6DA95D3C2ECC2.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\CC3DE576297CBC2B43062D8B2EDD376F4E4CB1C4.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\CF557B1A3503E06540BDEA6C8202E212F7C0E27B.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\CF8430257EBB401A10275FD7B1E61C72E02C22F6.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\D06CB91051B0F6D07208A190314B5ACFA24F3EDE.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\D0CAA7AC436ADC553C1A4F545500E173A503B079.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\D18A6E22C7F28E6AC6641326A608E5EE16B022E2.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\D206A22F6A8BC06D77AB9C45BBDBD2329BBE18BD.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\D2AAD25D3D37CDAB41AA0DC8FD3E135FCEEF5297.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\D3399293894BE1C0A33C10A0713614357A14BE26.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\D54FDC4421CDCA6428273FFE3DAC02539FA78FF9.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\D5D6639AFD5D3CB4BA60483B7A38070755BEFBAE.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\D5FCAB84F44439AD32249E351D86FAE4F44B0A10.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\D62DA22FB336A98C685F826B8CEA995C0AE34175.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\D6338789064BE21E2ACFBE2273BEC6A384288034.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\D7DA4E89F267206DD5423326A5CD59079272345B.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\D89B279EF402680002AAF6628A40FED603525912.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\D8B7BBBACF36DBFB9509AFE72892E033F1A3F283.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\D93CCEE27D650DA70AC4D50134A08970166FE8D8.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\D9D3B37B471CB6BD0E529897CC4D1A61E13D7A35.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\DAD5A52318ECEA054AC94E7FAE15B83BEF7A78F3.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\DB3174010BCF44E21172F4288AA00A017C9121E0.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\DB675C06DAC877F3C6E1B92F294FF6EF1EDC8DCF.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\DCF43F36D5B1511AF23E7A408FBFE8F37AAD6DCB.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\DD5254C5528E865FFCFD53511F3CA73A9E169C40.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\DDDC983B23607201A51FDEF78E8B415F9188EC34.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\E02D59056A17E6FAFE09B145B127E832F0C922AE.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\E12469A18F34372D2053C23A4AB999BCDDD50C90.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\E14600A2EF6C1AF989DABEE94C347819FE3E58BE.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\E3FF1A62E0D07FA472D7577738B5836651936C25.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\E409A6C7E2790A562D4523668B5628180F59054C.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\E7DE4739D842CDC327910AC0E1C0061E8584D631.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\E81B2E83785F707266532B2A0DA23E04764C87AC.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\EB19F44219108B6FF10F5940A48502F3A8EC0B3D.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\EC26752BFF8CD5FA9AE187D8C1F194B8DD77EB57.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\EC7BB7ED4F48E0FB3DFF56827FD24B8073B42AF6.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\EE537693702947881A9932BE5BE7F5F3AF1AA282.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\EFA6FFC697C54EA4FD06F7A8BD18A2FCD8BA8522.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\EFBA6D6E38831AA4D16AE8B2DF49E729CA2DDC0B.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\F0090A123AC304F8E2E692781F48DB08677E1991.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\F1A36376F977F6C91C0960593955E4D5A256EC60.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\F22BA7DA7B244687AA698817011EA5C6787E9FEB.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\F270CC82368C84150E693F0E8A15D3F0A722E94F.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\F36F10C563776F1B58C7160314681726161DF6EB.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\F373CD4B6EB068D16793733B1DCD6E9EA7090D57.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\F4C6A79176FE3C2BCC04B6AA6B5341DCE2015F3F.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\F540187317AFAC1C63D035A6664FCB869687EF4C.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\F57C63587473741DA4843CEDD0578E3254C99C07.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\F5B0C91B475D82DE6E2838A9E6CAF2B40D99C146.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\F64C680AE48446955800994D4BC8BF1D21A28ED1.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\F736240D6608620637E26E797168271274C9CD77.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\F7BCC8FDB0F17B27E3242024B6810CFD60BE1323.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\F7F53746AB01B3387D666247DA974B1F289255A2.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\F8B87ACF7B917B024A0756AFB2877747E2BD58F2.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\FC927CFCB68208C8543DEE4C174F648FDFEB3590.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\FEA8040D8EA104518C4AE013BC1CAAA66BAD669D.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\FFB1840804F1E84ED3BC5F12A7455118CBE0E3AA.zqc Object is locked skipped
C:\WINDOWS\system32\appcom\v32mfc.ocx Object is locked skipped
C:\WINDOWS\system32\capew3d.exe Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\delip32.dll Object is locked skipped
C:\WINDOWS\system32\dlgoduri.dll Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\madibcon.dll Object is locked skipped
C:\WINDOWS\system32\secicad.dll Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\Home C drive\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1AE45B1C.exe Infected: Backdoor.Win32.Rbot.gen skipped
F:\Home C drive\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1B870E69.exe Infected: Backdoor.Win32.Rbot.gen skipped
F:\Home C drive\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1BE32604 Infected: Backdoor.Win32.Rbot.gen skipped
F:\Home C drive\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\33E44F99.exe Infected: Backdoor.Win32.Rbot.gen skipped

Scan process completed.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:24:07, on 02-Jun-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Norton SystemWorks\Process Viewer\PrcView.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Netscape Internet Service\_NSWatchman.exe
C:\Program Files\Netscape Internet Service\NSClient.exe
C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Thomas Clemens\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PrcView.lnk = C:\Program Files\Norton SystemWorks\Process Viewer\PrcView.exe
O4 - Global Startup: Shortcut to taskmgr.lnk = C:\WINDOWS\system32\taskmgr.exe
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://update.microsoft.com
O15 - Trusted Zone: www.pglms.com
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA97DD53-152B-49D7-8118-D2BAA0B9F532}: NameServer = 205.188.146.145
O21 - SSODL: Upsaleng - {934A239A-67D3-45D9-98E7-15B93606088F} - C:\WINDOWS\system32\secicad.dll
O21 - SSODL: Statsftp - {3BC20845-C2B1-4124-BFE4-75A91A9AF4E4} - (no file)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

--
End of file - 5755 bytes

pskelley
2008-06-03, 22:12
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

To be sure you are clean, you have items I am not sure of, let's start with Kaspersky Online Scan (KOS)

(delete the contents of both quarantine folders in RED)
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\
F:\Home C drive\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 03:24:07, on 02-Jun-08

1) This item concerns me most, I can not identify it. Do you know what it is? If not scan it with: http://virusscan.jotti.org/ and post the results.
O21 - SSODL: Upsaleng - {934A239A-67D3-45D9-98E7-15B93606088F} - C:\WINDOWS\system32\secicad.dll

2) C:\WINDOWS\system32\msjava.dll <<< I may be wrong, but this looks like an old version of Java, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2

3) I am interested in this: appcom having never seen it in a KOS scan before, can you tell me is it this:
http://www.appcom.net/
These files also do not show up on a search, KOS says they are not a problem, but if you do not know them, would you scan each quickly and let me know what they are.
C:\WINDOWS\system32\capew3d.exe
C:\WINDOWS\system32\delip32.dll
C:\WINDOWS\system32\dlgoduri.dll
C:\WINDOWS\system32\madibcon.dll
You may need to show hidden files and folders to see them:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

I am not seeing anything I can point at and say this is malware, but I want to be sure you have no issues.

Thanks
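
The review above, as an added example that is not part of the original posts and not HijackThis code: a small Python parser that diffs two HijackThis logs and classifies the O21 (SSODL) entries. The log lines are excerpted from the 02-Jun and 04-Jun logs posted in this thread; the function names and the `known_good` allowlist are assumptions made for the example.

```python
import ntpath
import re

# One HijackThis result line: "<section code> - <details>"
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# O21 details: "SSODL: <name> - {CLSID} - <dll path or (no file)>"
SSODL_RE = re.compile(
    r"^SSODL: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

# Excerpts copied from the two logs in this thread (not the full logs).
LOG_02_JUN = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
O21 - SSODL: Upsaleng - {934A239A-67D3-45D9-98E7-15B93606088F} - C:\WINDOWS\system32\secicad.dll
O21 - SSODL: Statsftp - {3BC20845-C2B1-4124-BFE4-75A91A9AF4E4} - (no file)
"""

LOG_04_JUN = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/227
O21 - SSODL: Upsaleng - {934A239A-67D3-45D9-98E7-15B93606088F} - C:\WINDOWS\system32\secicad.dll
O21 - SSODL: Statsftp - {3BC20845-C2B1-4124-BFE4-75A91A9AF4E4} - (no file)
"""


def parse_hjt(text):
    """Return [(section_code, details)] for every result line in a log.

    Header lines and the 'Running processes' list do not match and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_logs(old_text, new_text):
    """Return (added, removed) result lines between two logs, sorted."""
    old, new = set(parse_hjt(old_text)), set(parse_hjt(new_text))
    return sorted(new - old), sorted(old - new)


def ssodl_findings(text, known_good=frozenset()):
    """Classify O21 entries as 'orphan', 'allowlisted' or 'unidentified'.

    known_good is a reviewer-supplied set of lower-case DLL file names
    (hypothetical; nothing in the thread defines one). Entries that do not
    follow the SSODL layout are reported as 'unparsed' rather than dropped.
    """
    findings = []
    for code, details in parse_hjt(text):
        if code != "O21":
            continue
        m = SSODL_RE.match(details)
        if not m:
            findings.append((details, "", "", "unparsed"))
            continue
        target = m.group("target")
        if target == "(no file)":
            # Registry value survives but the DLL is gone: leftover to clean up.
            findings.append((m.group("name"), m.group("clsid"), target, "orphan"))
            continue
        # ntpath handles Windows paths even when this runs on another OS.
        dll = ntpath.basename(target).lower()
        status = "allowlisted" if dll in known_good else "unidentified"
        findings.append((m.group("name"), m.group("clsid"), dll, status))
    return findings


if __name__ == "__main__":
    added, removed = diff_logs(LOG_02_JUN, LOG_04_JUN)
    for code, details in added:
        print("+", code, details)
    for code, details in removed:
        print("-", code, details)
    for finding in ssodl_findings(LOG_04_JUN):
        print(finding)
```

An "unidentified" result only means the DLL is not on the reviewer's allowlist; it still needs the file scan requested in item 1.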

pskelley
2008-06-05, 00:03
Posting as a result of your private message:

Other than the items I mentioned that were in the quarantine files, I can not point at any malware. I do suggest you consider Internet Explorer 7 if just for the additional security it provides:
http://www.microsoft.com/windows/products/winfamily/ie/default.mspx

Here is a good malware program for a doublecheck if you wish:
Download Malwarebytes' Anti-Malware to your desktop.
http://www.besttechie.net/tools/mbam-setup.exe

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file in your next reply.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

TClemens
2008-06-05, 00:23
I deleted the contents of the above mentioned folders. I wonder, should I have used the Shredder in S&D instead of windows explorer delete?

I also have an empty folder C:\QUARANTINE but have no idea where it came from.

1.
I also have no idea what "C:\WINDOWS\system32\secicad.dll" nor "Upsaleng" are. I attempted to scan it per your request and the result was:
"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file" and the file is 764 kB on disk.

2.
You are correct, this is an old version of java. I have downloaded the new but the instructions are to uninstall the old BEFORE installing the new and I cannot do this.

This is a persisting issue I have. Add/Remove programs cannot uninstall java nor Norton. I bought Norton System Works 2005 (in 2005) and the subscription ran out. It is against my principles to pay a yearly fee for a program I already purchased so I just assumed (wrongly) that it would just quit working and slowing me down so. Since I discovered your site, S&D and HJT I find that there are many remnants of Norton that will just not go away (sort of like a malware infection, no?)

My ISP is Netscape and it is acting rather peculiarly these days as well.

3.
www.appcom.net is a site which I had never seen nor accessed (until I clicked your link!) so I have no idea what it is (but it is most probably nothing to do with that site).

A current HJT log follows as does an earlier showing my previous afflictions with some oddities I have noted.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:07, on 04-Jun-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Norton SystemWorks\Process Viewer\PrcView.exe
C:\Program Files\Netscape Internet Service\NSClient.exe
C:\Program Files\Netscape Internet Service\_NSWatchman.exe
C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Network Associates\VirusScan\MCUPDATE.EXE
C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Thomas Clemens\Desktop\HiJackThis.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PrcView.lnk = C:\Program Files\Norton SystemWorks\Process Viewer\PrcView.exe
O4 - Global Startup: Shortcut to taskmgr.lnk = C:\WINDOWS\system32\taskmgr.exe
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://update.microsoft.com
O15 - Trusted Zone: www.pglms.com
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA97DD53-152B-49D7-8118-D2BAA0B9F532}: NameServer = 205.188.146.145
O21 - SSODL: Upsaleng - {934A239A-67D3-45D9-98E7-15B93606088F} - C:\WINDOWS\system32\secicad.dll
O21 - SSODL: Statsftp - {3BC20845-C2B1-4124-BFE4-75A91A9AF4E4} - (no file)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

--
End of file - 6079 bytes

and my "Oddities" file:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:25:24, on 22-May-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Norton SystemWorks\Process Viewer\PrcView.exe
C:\Program Files\eAcceleration\Station\station_bk.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Netscape Internet Service\NSClient.exe
C:\Program Files\Netscape Internet Service\_NSWatchman.exe
C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Admin\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [Sygate Personal Firewall Start] servic.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
O4 - HKLM\..\Run: [AstuteSoftware_WhenUSaveNow_Installer] C:\Program Files\AstuteSoftware_WhenUSaveNow_Installer\AstuteSoftware_WhenUSaveNow_Installer.exe
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "c:\documents and settings\thomas clemens\application data\install_en[1].exe"
O4 - HKLM\..\Run: [BM6f3248bc] Rundll32.exe "C:\WINDOWS\system32\yspmapwo.dll",s
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKUS\S-1-5-18\..\Run: [Sygate Personal Firewall Start] servic.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sygate Personal Firewall Start] servic.exe (User 'Default user')
O4 - Startup: PrcView.lnk = C:\Program Files\Norton SystemWorks\Process Viewer\PrcView.exe
O4 - Global Startup: Shortcut to taskmgr.lnk = C:\WINDOWS\system32\taskmgr.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/227
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA97DD53-152B-49D7-8118-D2BAA0B9F532}: NameServer = 205.188.146.145
O21 - SSODL: Upsaleng - {934A239A-67D3-45D9-98E7-15B93606088F} - C:\WINDOWS\system32\secicad.dll
O21 - SSODL: Statsftp - {3BC20845-C2B1-4124-BFE4-75A91A9AF4E4} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9621 bytes

Some other "oddities" I have noticed:

C:\WINDOWS\system32\wvUkKbYs.dll
270 kB, 11MAY08 09:58

C:\WINDOWS\system32\wjjllmnx.exe
2.56 kB, 22MAY08 09:03

The first is of the type and form common to a Vundo issue (although as one can
see it is not the current one indicated in HJT log, to wit:
O4 - HKLM\..\Run: [BM6f3248bc] Rundll32.exe "C:\WINDOWS\system32\yspmapwo.dll",s)

The second is an executable with some oddities of its own, namely:
created, modified and accessed 22MAY08, 09:03:34
PIF Settings from properties:
Autoexec filename: %SystemRoot%\SYSTEM32\AUTOEXEC.NT
Config filename: %SystemRoot%\SYSTEM32\CONFIG.NT

C:\WINDOWS\system32\wuapi.dll.mui
25.3 kB, 30JUL07 19:19

C:\WINDOWS\system32\wuaucpl.cpl.mui
25.3 kB, 30JUL07 19:19

C:\WINDOWS\system32\wuaueng.dll.mui
19.8 kB, 30JUL07 19:18

C:\WINDOWS\system32\wucltui.dll.mui
33.3kB, 30JUL07 19:18

These three are odd in that they all have two file extensions and were created at
almost the exact same time which is different than the 03FEB05 creation date for
the other Windows update files.

Also, if you know or can figure out, what are these two items:

O4 - HKLM\..\Run: [AstuteSoftware_WhenUSaveNow_Installer] C:\Program Files\AstuteSoftware_WhenUSaveNow_Installer\AstuteSoftware_WhenUSaveNow_Installer.exe
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "c:\documents and settings\thomas clemens\application data\install_en[1].exe"

??? because I cannot figure them out.

Regarding the suspected Vundo entry,

O4 - HKLM\..\Run: [BM6f3248bc] Rundll32.exe "C:\WINDOWS\system32\yspmapwo.dll",s

I did a search for files on the "BM6f3248bc" part and found:
C:\WINDOWS\BM6f3248bc.xml and
C:\WINDOWS\BM6f3248bc.txt the contents of which are:

20.5.2008 - 23:21:21:151: Process attached explorer - 0 - 0
20.5.2008 - 23:21:23:214: Start thread connector, thread id: - 660 - 0
20.5.2008 - 23:21:23:294: Start thread protector, thread id: - 1800 - 0
20.5.2008 - 23:21:42:211: Stop thread protector, thread id: - 1800 - 0
20.5.2008 - 23:21:44:525: Process detach - 0 - 0
20.5.2008 - 23:21:45:176: Process attached explorer - 0 - 0
20.5.2008 - 23:21:47:729: Start thread connector, thread id: - 268 - 0
20.5.2008 - 23:21:48:10: Start thread protector, thread id: - 108 - 0
21.5.2008 - 0:52:51:516: Process attached explorer - 0 - 0
21.5.2008 - 0:53:1:460: Start thread connector, thread id: - 2852 - 0
21.5.2008 - 0:53:1:460: Start thread protector, thread id: - 1036 - 0
21.5.2008 - 19:20:35:569: Process attached explorer - 0 - 0
21.5.2008 - 19:20:46:4: Start thread connector, thread id: - 2536 - 0
21.5.2008 - 19:20:46:225: Start thread protector, thread id: - 2564 - 0
22.5.2008 - 8:52:17:279: Process attached explorer - 0 - 0
22.5.2008 - 8:52:29:917: Start thread connector, thread id: - 4036 - 0
22.5.2008 - 8:52:30:17: Start thread protector, thread id: - 3820 - 0
22.5.2008 - 8:53:33:338: Stop thread protector, thread id: - 3820 - 0
22.5.2008 - 8:53:33:619: Stop thread connector, thread id: - 2536 - 0
22.5.2008 - 8:53:33:619: Stop thread protector, thread id: - 2564 - 0
22.5.2008 - 8:53:33:649: Process detach - 0 - 0
22.5.2008 - 8:53:43:543: Process detach - 0 - 0
22.5.2008 - 8:53:48:580: Process attached explorer - 0 - 0
22.5.2008 - 8:53:58:815: Start thread protector, thread id: - 4076 - 0
22.5.2008 - 8:53:58:815: Protect thread Connector - 0 - 0
22.5.2008 - 8:53:59:85: Start thread connector, thread id: - 3976 - 0
22.5.2008 - 8:53:59:85: Start thread connector, thread id: - 3816 - 0
22.5.2008 - 13:18:21:716: Process attached explorer - 0 - 0
22.5.2008 - 13:18:55:524: Start thread connector, thread id: - 2232 - 0
22.5.2008 - 13:18:55:544: Start thread protector, thread id: - 2236 - 0

I do not know what much of this means but it looks like a tracking record of my activity,
which makes me really uncomfortable.

I ran VundoFix the other day, it found one, and I thought it fixed it, but obviously not.

If you will, what are these?:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400

O17 - HKLM\System\CCS\Services\Tcpip\..\{CA97DD53-152B-49D7-8118-D2BAA0B9F532}: NameServer = 205.188.146.145

O21 - SSODL: Statsftp - {3BC20845-C2B1-4124-BFE4-75A91A9AF4E4} - (no file)

and ....from S&D Tools System Startup I find:

WinLogon (Current System) several items:

crypt32chain crypt32.dll
cryptnet cryptnet.dll
cscdll cscdll.dll
ScCertProp wlnotify.dll
Schedule "
sclgntfy sclgntfy.dll
SensLogn WINotify.dll
termsrv wlnotify.dll
wlballoon "

Thank you in advance for all your help.

The other problem I am having is although I can still run Netscape and get online, my wife (with a separate user account) tries to get online and Netscape goes on strike and just sits there and I am at a total loss as to why.
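
Added example (not part of the original thread and not output from any tool named in it): a small Python triage script for the kind of HijackThis lines asked about in the post above. It parses `O4 ... Run` and `O21 - SSODL` entries and tags three patterns that come up in this post: a Run value that starts a system32 DLL through Rundll32, an autorun launched from a user's Application Data folder, and an entry whose file is missing. The flag names and heuristics are assumptions made for illustration; a flag marks a line for review and is not a verdict.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any host OS

# Sample input: a few lines copied from the 22-May-08 HijackThis log in the
# post above, embedded so the script runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "c:\documents and settings\thomas clemens\application data\install_en[1].exe"
O4 - HKLM\..\Run: [BM6f3248bc] Rundll32.exe "C:\WINDOWS\system32\yspmapwo.dll",s
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: Shortcut to taskmgr.lnk = C:\WINDOWS\system32\taskmgr.exe
O21 - SSODL: Statsftp - {3BC20845-C2B1-4124-BFE4-75A91A9AF4E4} - (no file)
O21 - SSODL: Upsaleng - {934A239A-67D3-45D9-98E7-15B93606088F} - C:\WINDOWS\system32\secicad.dll
"""

# "O4 - <hive>\..\Run: [value name] command line"
O4_RUN = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# "O21 - SSODL: name - {CLSID} - file"
O21_SSODL = re.compile(r'^O21 - SSODL: (?P<name>\S+) - \{[0-9A-Fa-f-]+\} - (?P<target>.+)$')
# First token of a command line: quoted path, or unquoted text up to .exe/.dll
IMAGE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|dll))(?=[\s,]|$))', re.I)
# DLL argument handed to rundll32: optional quotes, absolute drive path
DLL_ARG = re.compile(r'"?([a-z]:\\[^",]+\.dll)"?', re.I)


def split_command(cmd):
    """Return (image path, remaining arguments) for a Run command line."""
    cmd = cmd.strip()
    m = IMAGE.match(cmd)
    if not m:
        return cmd, ""
    return (m.group(1) or m.group(2)), cmd[m.end():]


def flags_for(target, via_rundll32=False):
    """Review flags (hypothetical names) for one autorun target."""
    low = target.lower()
    flags = []
    if low == "(no file)":
        flags.append("orphan-no-file")
    if via_rundll32 and dirname(low) == r"c:\windows\system32":
        flags.append("rundll32-system32-dll")
    if "\\application data\\" in low:
        flags.append("runs-from-user-profile")
    return flags


def triage(log_text):
    """Parse O4 Run and O21 SSODL lines; other HijackThis sections are skipped.

    Returns a list of (section, name, target, flags) tuples.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            image, rest = split_command(m.group("cmd"))
            via = basename(image).lower() in ("rundll32.exe", "rundll32")
            target = image
            if via:
                # The file that matters is the DLL being loaded, not rundll32.
                dll = DLL_ARG.search(rest)
                if dll:
                    target = dll.group(1)
            findings.append(("O4-Run", m.group("name"), target,
                             flags_for(target, via)))
            continue
        m = O21_SSODL.match(line)
        if m:
            target = m.group("target").strip()
            findings.append(("O21-SSODL", m.group("name"), target,
                             flags_for(target)))
    return findings


if __name__ == "__main__":
    for section, name, target, flags in triage(SAMPLE_LOG):
        if flags:
            print(f"{section:10} {name:28} {target}  <- {', '.join(flags)}")
```

Entries that come back with no flags, such as the `secicad.dll` SSODL line, still need to be identified by other means; the script only sorts lines by the patterns named above.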

pskelley
2008-06-05, 01:28
This has turned out to be much more complex than I expected. I'll start with the numbered items you posted.

I deleted the contents of the above mentioned folders. I wonder, should I have used the Shredder in S&D instead of windows explorer delete?
We are talking about the contents of the folders, and if it is done, I don't think it is important how it got done.

I also have an empty folder C:\QUARANTINE but have no idea where it came from.
Left from some program that created it to store quarantined items...delete it.

1) Understand that I can not suggest you delete a file without knowing what it is. All I can suggest, if you can not scan it to find out, is to move it to the Recycle Bin and let it stay in there for a few weeks to make sure it is not a needed, valid file. It can not harm you in the RB, and yet it can be restored with ease if needed.

2) I can give you a program to do this, but I have not used the program. Folks who have say it works well:

http://prm753.bchea.org/JavaRa.html

One of the reasons I have never suggested Symantec/Norton is the degree of difficulty removing it from the computer. Recently they released a tool to do this:
http://basconotw.mvps.org/SymRem.htm

My ISP is Netscape and it is acting rather peculiarly these days as well.
Vundo does cause problems and I know little about Netscape. I suggest you discuss this with your ISP, sounds like the software may need to be installed again.

3) I have no idea if that has anything to do with the items in the KOS, I was looking for information from you. It appears that the many files like this:
C:\WINDOWS\system32\appcom\0F8B1CD5BE8C84B8136B94A410E8FCB2E90FD66E.zqc Object is locked skipped
Have to do with a security program that is being run. I have never seen the program before and it may have nothing to do with the site I linked you to. I found the site as a result of using Google for: C:\WINDOWS\system32\appcom\

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:04:07, on 04-Jun-08
What I see that I question in this HJT log is:
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Process Viewer\PrcView.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
Norton just does not play well with McAfee. It may be that one item has to do with a Norton Firewall? And I don't want to tell you to remove a Firewall you are paying for. Do understand that if you run the removal tool Symantec/Norton provides, it will remove it all.

and this:
O21 - SSODL: Upsaleng - {934A239A-67D3-45D9-98E7-15B93606088F} - C:\WINDOWS\system32\secicad.dll
O21 - SSODL: Statsftp - {3BC20845-C2B1-4124-BFE4-75A91A9AF4E4} - (no file)
The first I can find no information about. The second is a leftover line that can be removed with HJT and it is benign.
I don't know if I provided all free scans I have:

http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/
Perhaps one of the other scans will work. I know what I would do if it were my computer, but I can not do that on your computer.

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:25:24, on 22-May-08 This scan has infections in it and some nasty ones like this:
http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotry.html

but this scan is obsolete, the other HJT log is current and I pointed out what I could see.

I suggest you take care of the Java issue, remove the leftover Norton junk, then run the MBAM scan and post it with a new HJT log.

Thanks

TClemens
2008-06-05, 02:10
Not that I am complaining, but Dude, you are QUICK!
I was composing that voluminous tome of a post earlier not realising that you had posted again, sorry!

I have been downloading the malwarebytes item for a while here and have yet to run it. I will post log when it is done.

1.
I will contact the software provider to determine if it is part of their program and let you know (it might be good for someone in your position to be familiar with that and the other items from that software )

2.
I will try that program and let you know if it removes that old Java. Install of new Java will immediately follow.

3.
That appcom reference is probably the security program, I will likewise let you know what I find after I talk to them.

Those Norton stickies are all over the place...I'm certain I will be 2 or 3 days (system) rooting them all out...ha ha!!

As I indicated before I am most definitely NOT paying for Norton and want it GONE A...S...A...P! (Thanks for the removal tool BTW). The only regret I have will be losing their process viewer....it is a good complement to task manager in that it provides the full path for the running processes (which Windows taskman does not) so they are more easily identified...all the rest of Norton is crap and I will be glad to be rid of it.

You said:
"I know what I would do if it were my computer, but I can not do that on your computer."

please tell me what you would do if it were your computer!

As for the obsolete scan...that was included purely for information purposes and to point out the "oddities" I have noticed in my journey of discovery.

As for the infections in it...presumably I removed them with all the tools I have been blindly running if they no longer appear in the current log. If you have the time (yeah, right!) enlighten me as to the infections in the old log (especially the nasty ones) so I will recognise them in the future.

As per your suggestion I will:
take care of the Java issue(s)
eradicate Norton
run MBAM, post log and HJT log. Forgive me if it takes a day or so...we just had a baby and my time is a bit stretched (diapers, midnight feedings and all!)

Thanks again for all your help! You guys ROCK!!!

TClemens
2008-06-09, 03:44
My apologies for the extended delay.

Java is updated and Norton is gone (I hope!).

mbam log:

Malwarebytes' Anti-Malware 1.14
Database version: 826

20:48:45 08-Jun-08
mbam-log-6-8-2008 (20-48-23).txt

Scan type: Quick Scan
Objects scanned: 46108
Time elapsed: 33 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.

I did a full scan the other day and it took 5+ hours. I only did a quick scan above today to be current because I did not have the time for a full scan. But you will find the full scan results from the other day below in case you need it. You will notice they are essentially identical.

Malwarebytes' Anti-Malware 1.14
Database version: 826

07:03:34 05-Jun-08
mbam-log-6-5-2008 (07-03-10).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 103043
Time elapsed: 5 hour(s), 55 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\VundoFix Backups\wvUkKbYs.dll.bad (Trojan.Vundo) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.

And my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:18, on 08-Jun-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Netscape Internet Service\NSClient.exe
C:\Program Files\Netscape Internet Service\_NSWatchman.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Documents and Settings\Thomas Clemens\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Shortcut to taskmgr.lnk = C:\WINDOWS\system32\taskmgr.exe
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://update.microsoft.com
O15 - Trusted Zone: www.pglms.com
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA97DD53-152B-49D7-8118-D2BAA0B9F532}: NameServer = 205.188.146.145
O21 - SSODL: Upsaleng - {934A239A-67D3-45D9-98E7-15B93606088F} - C:\WINDOWS\system32\secicad.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6269 bytes

pskelley
2008-06-09, 12:19
Thanks for returning your information, I have to ask about this:
Files Infected:
C:\VundoFix Backups\wvUkKbYs.dll.bad (Trojan.Vundo) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
Did you really choose to take no action when MBAM found the malware? If so, run it again and delete or quarantine what it finds.

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:37:18, on 08-Jun-08

Are you sure you want these in your "Trusted Zones"?
O15 - Trusted Zone: www.pglms.com
O15 - Trusted Zone: http://*.turbotax.com

This item is still running:
O21 - SSODL: Upsaleng - {934A239A-67D3-45D9-98E7-15B93606088F} - C:\WINDOWS\system32\secicad.dll
I do not believe we resolved the issue? I can not find out what it is from here, if you don't know and can not find out with the scanners:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/

You may want to delete it or at least move it to the Recycle Bin. Are you having malware symptoms?

Thanks

TClemens
2008-06-11, 18:04
Sorry, lacking specific instructions from you I took no action. I will run it again and delete or quarantine those items.

I still have not heard back from support at the security site software to know if secicad.dll is theirs or not. Will advise as soon as I get some info.

I have not had any of the usual malware symptoms (i.e. pop-ups, ads for anti-virus etc)..but things are running more slowly than is normal for my usually slow system (old computer, little memory, dial-up connection).

I have upgraded to XP SP3 and IE 7 per your suggestion.

Will run mbam and delete items, double check on secicad and post again.

Thanks again so much for all your help!!

pskelley
2008-06-11, 18:26
Here is some good information to help with a slow computer:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley

TClemens
2008-06-12, 02:24
Still no word on secicad....

You said:
"Are you sure you want these in your "Trusted Zones"
O15 - Trusted Zone: www.pglms.com
O15 - Trusted Zone: http://*.turbotax.com "

I'm pretty sure I do. The pglms is a site for my children's foreign language schooling and turbotax is self explanatory since I do my taxes with it.

I ran mbam again...deleted all selected items.....

mbam log:

Malwarebytes' Anti-Malware 1.14
Database version: 826

19:51:19 11-Jun-08
mbam-log-6-11-2008 (19-51-19).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 111580
Time elapsed: 4 hour(s), 26 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\VundoFix Backups\wvUkKbYs.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.


and fresh HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:49, on 11-Jun-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Netscape Internet Service\NSClient.exe
C:\Program Files\Netscape Internet Service\_NSWatchman.exe
F:\Home C drive\Process Viewer\PrcView.exe
C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Documents and Settings\Thomas Clemens\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe
O4 - Global Startup: Shortcut to taskmgr.lnk = C:\WINDOWS\system32\taskmgr.exe
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://update.microsoft.com
O15 - Trusted Zone: www.pglms.com
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA97DD53-152B-49D7-8118-D2BAA0B9F532}: NameServer = 205.188.146.145
O21 - SSODL: Upsaleng - {934A239A-67D3-45D9-98E7-15B93606088F} - C:\WINDOWS\system32\secicad.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6354 bytes

I will peruse those most useful links you gave me and do what seems most prudent.

Can you tell whether I am "clean" now?
What further action should we take?

Thanks again!
Tom

TClemens
2008-06-12, 02:33
There are still some HJT items that cause me pause, could you enlighten me as to what they are?

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400

O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/227

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{CA97DD53-152B-49D7-8118-D2BAA0B9F532}: NameServer = 205.188.146.145

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
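
Added example, not part of the original posts: a short Python parser for HijackThis entries like those quoted above. It names the section each code belongs to (following the HijackThis v2 section list) and pulls out the files loaded by the load-point sections so each can be checked with a file scanner. The sample lines are copied from this thread, including one entry wrapped across two lines; the function and variable names are this example's own.

```python
import re

# Meaning of HijackThis v2 section codes (only some of those seen in this thread).
SECTIONS = {
    "R0": "IE start/search page value",
    "R1": "IE start/search page or proxy value",
    "O2": "Browser Helper Object",
    "O4": "autostart entry (Run key or Startup folder)",
    "O8": "extra item in the IE right-click menu",
    "O10": "Winsock LSP entry",
    "O17": "DNS server / domain setting",
    "O21": "ShellServiceObjectDelayLoad (SSODL) autorun",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^([RO]\d+) - (.*)$")
PATH = re.compile(r"[A-Za-z]:\\[^\"/]*?\.(?:exe|dll)", re.I)
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse(log_text):
    """Return one dict per entry; a wrapped line is joined to the entry above it."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.append({"code": m.group(1), "body": m.group(2)})
        elif raw.strip() and entries:
            entries[-1]["body"] += " " + raw.strip()
    for e in entries:
        e["meaning"] = SECTIONS.get(e["code"], "not described here")
        p, g = PATH.search(e["body"]), GUID.search(e["body"])
        e["file"] = p.group(0) if p else None
        e["guid"] = g.group(0) if g else None
    return entries

def files_to_check(entries, codes=("O2", "O10", "O21", "O23")):
    """Unique files referenced by load-point sections, lower-cased and sorted."""
    return sorted({e["file"].lower() for e in entries if e["code"] in codes and e["file"]})

# Sample lines copied from the posts in this thread.
SAMPLE = r"""R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/227
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA97DD53-152B-49D7-8118-D2BAA0B9F532}: NameServer = 205.188.146.145
O21 - SSODL: Upsaleng - {934A239A-67D3-45D9-98E7-15B93606088F} -
C:\WINDOWS\system32\secicad.dll
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe"""
```

Calling files_to_check(parse(SAMPLE)) gives the list of files to look up or upload; the R1 and O17 entries carry no file, so they only get a section description.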

pskelley
2008-06-12, 02:38
This is still the only item in the HJT log I am not sure of:
O21 - SSODL: Upsaleng - {934A239A-67D3-45D9-98E7-15B93606088F} - C:\WINDOWS\system32\secicad.dll

I'll give you free scanners again:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/
http://onlinescan.avast.com/
http://old.antivir.ru/english/www_av/
http://www.threatexpert.com/filescan.aspx

You may also be able to scan it here:
http://www.bleepingcomputer.com/submit-malware.php

Tom, I just do not have the time for all you want. The links can be clicked on to see what they are and for the rest of the stuff, use Google:
http://www.google.com/ or http://www.whois.sc/

Thanks

TClemens
2008-06-12, 02:54
I am sorry...I am not trying to monopolize your time...I was just wanting to pick your brain a little....

I will keep up the search to find what upsaleng and secicad are....none of the A/V's I've tried have seen anything untoward about it and google finds nothing under those names other than my posts here!!!

I will redouble my efforts with the security software company to at least get a response from their tech support people (they have never even replied to my first inquiry....'twould they were as prompt and helpful as you!)

I cannot thank you enough for the time and effort you have expended on my behalf.

If you could, please do not close this thread and check up on me occasionally and I will post here with the results of my queries.

Thanks again,

Tom